<?php
define('ALLOWED_REFERRER', '');
define('BASE_DIR','FilesUploaded/');
define('LOG_DOWNLOADS',true);
define('LOG_FILE','downloads.log');
$allowed_ext = array (

  
  'zip' => 'application/zip',

  'pdf' => 'application/pdf',
  'doc' => 'application/msword',
  'docx' => 'application/msword',
  'xls' => 'application/vnd.ms-excel',
  'xlt' => 'application/vnd.ms-excel',
  'xla' => 'application/vnd.ms-excel',
    
  'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
  'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
    
  'ppt' => 'application/vnd.ms-powerpoint',
  'pot' => 'application/vnd.ms-powerpoint',
  'pps' => 'application/vnd.ms-powerpoint',
  'ppa' => 'application/vnd.ms-powerpoint',
    
  'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
  'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
  'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
    
  'txt' => 'text/plain',
  
  'exe' => 'application/octet-stream',

  'gif' => 'image/gif',
  'png' => 'image/png',
  'jpg' => 'image/jpeg',
  'jpeg' => 'image/jpeg',

//  'mp3' => 'audio/mpeg',
//  'wav' => 'audio/x-wav',
//
//  'mpeg' => 'video/mpeg',
//  'mpg' => 'video/mpeg',
//  'mpe' => 'video/mpeg',
//  'mov' => 'video/quicktime',
//  'avi' => 'video/x-msvideo'
);

if (ALLOWED_REFERRER !== ''
&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
) {
  die("Internal server error. Please contact system administrator.");
}

set_time_limit(0);

if (!isset($_GET['id']) || empty($_GET['id'])) {
  die("Please specify file name for download.");
}

if (strpos($_GET['id'], "\0") !== FALSE) die('');

$fname1 = basename($_GET['id']);

function find_file ($dirname, $fname1, &$file_path) {

  $dir = opendir($dirname);

  while ($file = readdir($dir)) {
    if (empty($file_path) && $file != '.' && $file != '..') {
      if (is_dir($dirname.'/'.$file)) {
        find_file($dirname.'/'.$file, $fname1, $file_path);
      }
      else {
        if (file_exists($dirname.'/'.$fname1)) {
          $file_path = $dirname.'/'.$fname1;
          return;
        }
      }
    }
  }

}

include 'DBLibrary/config.php';
include 'DBLibrary/openDB.php';
mysql_select_db($dbname);

$query = "SELECT fileName from rotaract.file where id = '$fname1'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

$file_path = '';
find_file(BASE_DIR, $row['fileName'], $file_path);

if (!is_file($file_path)) {
  die("File does not exist. Make sure you specified correct file name."); 
}

$fsize = filesize($file_path); 

$fext = strtolower(substr(strrchr($row['fileName'],"."),1));

if (!array_key_exists($fext, $allowed_ext)) {
  die("Not allowed file type."); 
}

if ($allowed_ext[$fext] == '') {
  $mtype = '';

  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type($file_path);
  }
  else if (function_exists('finfo_file')) {
    $finfo = finfo_open(FILEINFO_MIME);
    $mtype = finfo_file($finfo, $file_path);
    finfo_close($finfo);  
  }
  if ($mtype == '') {
    $mtype = "application/force-download";
  }
}
else {
  $mtype = $allowed_ext[$fext];
}

if (!isset($_GET['fc']) || empty($_GET['fc'])) {
  $asfname = $row['fileName'];
}
else {
  $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
  if ($asfname === '') $asfname = 'NoName';
}

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);

$file = @fopen($file_path,"rb");
if ($file) {
  while(!feof($file)) {
    print(fread($file, 1024*8));
    flush();
    if (connection_status()!=0) {
      @fclose($file);
      die();
    }
  }
  @fclose($file);
}

if (!LOG_DOWNLOADS) die();

$f = @fopen(LOG_FILE, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname1."\n");
  @fclose($f);
}

?>